Francisco Burzi

Php-nuke

94 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2004-2293

Exploit
  • EPSS 0.06%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the R...

5

CVE-2004-2296

Exploit
  • EPSS 0.04%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.

5

CVE-2004-2297

Exploit
  • EPSS 0.35%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

6.8

CVE-2004-2354

Exploit
  • EPSS 0.04%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are t...

6.8

CVE-2004-0265

Exploit
  • EPSS 10.47%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.

6.4

CVE-2004-0269

Exploit
  • EPSS 0.12%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Lin...

5

CVE-2004-0266

Exploit
  • EPSS 0.03%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.

7.5

CVE-2004-0738

  • EPSS 0.03%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.

7.5

CVE-2004-0737

  • EPSS 0.04%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod...

5

CVE-2004-0736

  • EPSS 0.02%
  • Veröffentlicht 27.07.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.